Understanding Decentralized Identifiers
Kim Hamilton Duffy
CTO Learning Machine
Co-chair W3C Credentials Community Group
Decentralized Identity Foundation Steering Committee
What is a Decentralized Identifier?
A new type of URL that is:
● globally unique,
● highly available,
● persistent,
● cryptographically verifiable, and
● does not require a central admin
did:btcr:txtest1:8kyt-fzzq-qqqq-ase0-d8
We use DIDs in Verifiable Credentials
DID Implementations (Methods)
did:example:123456789abcdefghijk
Scheme: did
DID Method: example
DID Method Specific String: 123456789abcdefghijk
Examples:
did:v1:nym:BcNkgGmGEpCGSJSMPB4BvWvwVM6YeTR52BSWcZTbzU23
did:btcr:txtest1:8kyt-fzzq-qqqq-ase0-d8
DIDs Resolve to DID Documents
{
  "@context": "https://w3id.org/veres-one/v1",
  "id": "did:v1:nym:DwkYwcoyUXHNkpj3whn4DgXB4fcg9gj95vKxYN2apkZD",
  "authentication": [{
    "type": "Ed25519SignatureAuthentication2018",
    "publicKey": [{
      "id": "did:v1:test:nym:DwkYwcoyUXHNkpj3whn4DgXB4fcg9gj95vKxYN2apkZD#authn-key-1",
      "type": "Ed25519VerificationKey2018",
      "controller": "did:v1:nym:DwkYwcoyUXHNkpj3whn4DgXB4fcg9gj95vKxYN2apkZD",
      "publicKeyBase58": "DwkYwcoyUXHNkpj3whn4DgXB4fcg9gj95vKxYN2apkZD"
    }]
  }],
  "service": [{
    "type": "ExampleMessagingService2018",
    "serviceEndpoint": "https://example.com/services/messages"
  }],
  … more DID-specific information here …
}
1. Authentication Mechanisms
2. Public Key Material
3. Service Discovery
[Diagram: DID RESOLUTION. Labels: DID (did:btcr:xkyt-fzgq-qq87-xnhn), Universal Resolver, DID Method Spec, DID Document]
{
  "@context": "https://w3id.org/did/v1",
  "id": "did:example:123456789abcdefghi",
  "publicKey": [{
    "id": "did:example:123456789abcdefghi#keys-1",
    "type": "RsaSigningKey2018",
    "owner": "did:example:123456789abcdefghi",
    "publicKeyPem": "-----BEGIN PUBLIC KEY...END PUBLIC KEY-----\r\n"
  }],
  "authentication": [{
    "type": "RsaSignatureAuthentication2018",
    "publicKey": "did:example:123456789abcdefghi#keys-1"
  }],
  "service": [{
    "type": "ExampleService",
    "serviceEndpoint": "https://example.com/endpoint/8377464"
  }],
  "created": "2002-10-10T17:00:00Z",
  "updated": "2016-10-17T02:41:00Z",
  "signature": {
    "type": "RsaSignature2016",
    "created": "2016-02-08T16:02:20Z",
    "creator": "did:sov:8uQhQMGzWxR8vw5P3UWH1j#key/1",
    "signatureValue": "IOmA4R7TfhkYTYW87z640O3GYFldw0 yqie9Wl1kZ5OBYNAKOwG5uOsPRK8/2 C4STOWF+83cMcbZ3CBMq2/gi25s="
  }
}
DID DOCUMENT
1. DID (for self-description)
2. Public keys (for verification)
3. Auth methods (for authentication)
4. Service endpoints (for interaction)
5. Timestamp (for audit history)
6. Signature (for integrity)
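The DID syntax and DID Document structure described above, as an added example (not code from the talk or from any DID implementation): it splits a DID into its parts and checks that the keys in a resolved DID Document are bound to the DID that was requested. The function names are hypothetical, the regular expression only approximates the generic DID syntax, and the field names (publicKey, owner, authentication) follow the did:example document on the slide.

```python
import re

# Approximation of the generic syntax: did:<method>:<method-specific string>
DID_RE = re.compile(r"^did:([a-z0-9]+):([A-Za-z0-9._:%-]+)$")

def parse_did(did):
    """Split a DID into (method, method-specific string); raise on bad syntax."""
    m = DID_RE.match(did)
    if not m:
        raise ValueError(f"not a DID: {did!r}")
    return m.group(1), m.group(2)

def check_did_document(doc, requested_did):
    """Return a list of structural problems; an empty list means none found."""
    parse_did(requested_did)
    problems = []
    if doc.get("id") != requested_did:
        problems.append("document id does not match the DID that was resolved")
    keys = {}
    for key in doc.get("publicKey", []):
        base, _, fragment = key.get("id", "").partition("#")
        if base != requested_did or not fragment:
            problems.append(f"key id outside this DID: {key.get('id')}")
        if key.get("owner") != requested_did:
            problems.append(f"key owned by another DID: {key.get('id')}")
        keys[key.get("id")] = key
    for auth in doc.get("authentication", []):
        ref = auth.get("publicKey")
        # Only by-reference entries are checked; embedded key lists are skipped.
        if isinstance(ref, str) and ref not in keys:
            problems.append(f"authentication references unknown key: {ref}")
    return problems

# Constructed sample, trimmed from the did:example document on the slide.
SAMPLE = {
    "id": "did:example:123456789abcdefghi",
    "publicKey": [{"id": "did:example:123456789abcdefghi#keys-1",
                   "type": "RsaSigningKey2018",
                   "owner": "did:example:123456789abcdefghi"}],
    "authentication": [{"type": "RsaSignatureAuthentication2018",
                        "publicKey": "did:example:123456789abcdefghi#keys-1"}],
}

if __name__ == "__main__":
    print(parse_did("did:btcr:txtest1:8kyt-fzzq-qqqq-ase0-d8"))
    print(check_did_document(SAMPLE, SAMPLE["id"]))
```

These checks are structural only; they do not verify the document's signature or anchor it to the DID method's ledger.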
Status
● Incubated at RWOT, IIW
● Currently:
○ Draft report in W3C Credentials Community Group
○ Protocols and prototypes at DIF
○ DID Method Registry
○ DID Auth, DID Resolver
● To Discuss: DID Working Group
DID & VC Architecture Roadmap 2018+
Christopher Allen
Principal Architect & Founder — Blockchain Commons
W3C Credentials CG Chair
Current W3C Standards Track Efforts
● Verifiable Claims WG, Verifiable Credentials
○ Anyone can verifiably say anything about anyone.
○ Identity emerges from evaluating multiple sources of information, across multiple interactions
● Decentralized Identifiers (DIDs), draft WG
○ Anyone can publicly manage provable identifiers without administrative interference
○ Move beyond centrally administered IDs
○ Provide for a plurality of authorities
Decentralized Identity Stack
● DIDs – Root Identifiers
○ DID Universal Resolvers — support interoperability between multiple DID methods.
○ DID Methods – Specific approaches using different blockchains
○ DID Documents – Proof of Control & Service References
Decentralized Identity Stack
● DIDs – Root Identifiers …
● Raw Data – Observed facts & transactions
● Verifiable Credentials – Assertions by knowable authorities
● Profiles / Presentations / Persona – Representations of individuals
● Consent – Records of authorization
● Reasoning – Interpretation & Analysis
● Evaluation – Risk Analysis & Reputation
● Understanding – Internal knowledge representation
● Services – Interactions of value
Potential Standards for Future Work
● DID-Auth (Authn/Authz)
● OCAP (Authz through Object Capabilities)
● Credential Requests & Exchange
● Data Minimization & Selective Disclosure
● Consent & Consent Receipts
● Storage (Identity Hubs) & Internal Representations
● Analytics & Algorithms for Evaluation
● Cryptographic Proofs
○ Signature, Encryption, Signcryption Suites
○ Time-stamping
○ Zero-knowledge proofs
https://w3c-ccg.github.io/roadmap/diagram.html